Implementing Infrastructure for the eUniversity - PowerPoint PPT Presentation

1
Implementing Infrastructure for the eUniversity
  • Art Vandenberg
  • Director
  • 404-463-9601
  • Avandenberg_at_gsu.edu

  • Fred Przystas
  • Project Manager
  • 404-463-9602
  • Cagfwp_at_gsu.edu

Information Systems Technology, Advanced Campus Services, Georgia State University
University System of Georgia Annual Computing Conference, October 25-27, 2000
2
The eUniversity
  • Why the Rush? Why Do We Need It?

3
Why the Rush?
  • As universities continue to expand their customer
    base via the internet, they are reaching beyond
    their territory into YOUR territory.
  • Distance is no longer a barrier as a result of
    the internet and Distance Learning.
  • Playing catch-up is difficult given the rate at
    which technology and information are currently
    speeding along this virtual internet highway.

4
Why do we need the eUniversity?
  • Improve the quality of University Services
  • Reduction of Costs
  • Open New Avenues for Revenue
  • More sophisticated ways of doing business
  • Enhance collaborative research
  • Provide a campus portal for students to obtain
    various services

5
Major Areas of Focus
  • E-academics: enhanced technology learning and
    distance learning
  • E-research: promotes collaborative research and
    scholarly publishing

6
Major Areas of Focus
  • E-business: electronic administrative services,
    i.e., travel, purchasing, and supply
  • E-community: become a valued resource for the
    surrounding communities we serve by providing
    easy access to various online services such as
    GIL, G.L.O.B.E, and eCore?

7
How do we get there?
  • Coordination: Project Planning
  • Cooperation: Inclusion of Stakeholders
  • Creativity: Funding and Resources
  • Consultation: Hire an outside group to examine
    what you have, and what you will need to
    implement the eUniversity

8
What Else Is Needed?
  • SECURITY

Public Key Infrastructure (PKI)
9
SECURITY
SAFE ENVIRONMENT
ENCRYPTED TRANSACTIONS
CERTIFICATE AUTHORITY
UNIVERSAL UNIQUE ID (UUID)
REGISTRATION AUTHORITY
IDENTIFICATION
TRUST
YOU NEED IT TO...
10
COMPETE AND SURVIVE!
11
Public Key Infrastructure
  • Confidentiality
  • Integrity
  • Authentication
  • Non-repudiation

12
Components of PKI
  • Security Policy
  • Defines Organization's Top-Level Security
  • Certificate Practice Statement (CPS)
  • Outlines Key Creation/Distribution and
    Certificate Issuance
  • Identifies Levels of Risk

13
Components of PKI
  • Certificate Authority (CA)
  • Sets Expiration Dates for Digital Certificates
  • Tracks Certificate Revocation Lists (CRLs)
  • Issues Certificates binding identity of user or
    system to a public key with a Digital Signature
    (DS)

14
Components of PKI (Cont.)
  • Registration Authority (RA)
  • Interface between User and CA
  • Authenticates Identity of User following Security
    Policies
  • Quality of Authentication sets level of trust
    placed on certificates issued

15
Components of PKI (Cont.)
  • Certificate Distribution System
  • Directory Service
  • User Distributed
  • Enterprise PKI solution

16
Components of PKI (Cont.)
  • PKI Enabled Applications
  • Web Servers and Browsers
  • E-mail
  • Electronic Data Interchange (EDI)
  • Credit card Transactions over the Internet
  • Virtual Private Networks (VPNs)

17
PKI Evaluation Considerations
  • Flexibility
  • Interface with standard directory structures like
    Lightweight Directory Access Protocol (LDAP) and
    X.500 (DAP)
  • Allow users to request certificates via e-mail
  • Standard interfaces such as PKCS #11 to work with
    various security tokens (for example, smart cards
    and hardware security modules (HSMs))
  • Automated RA, if needed

18
PKI Evaluation Considerations (Cont.)
  • Ease of Use
  • Management of PKI should be simple and not
    require a technical background to manage
  • Interface should be graphical and intuitive
  • Supports Security Policy
  • CA/RA should be able to reflect security policies
    of organization in certificate issuance

19
PKI Evaluation Considerations (Cont.)
  • Scalability
  • Support for additional applications as they come
    online
  • Ability to add CAs and RAs as needed to support
    organizational growth
  • Ability to support increased numbers of
    certificates issued as the PKI grows

20
PKI Evaluation Considerations (Cont.)
  • Interoperability
  • PKI should be built to the most common commercial
    standards
  • PKI should be completely open to allow for future
    integration as IT infrastructure grows
  • PKI needs to be interoperable globally

21
PKI Evaluation Considerations (Cont.)
  • Security of CA and RA
  • CA/RA is the center of PKI and should be held in
    a tamper resistant security module
  • Backup copies are essential protection for
    disaster recovery
  • CA/RA system should have a secure audit trail
    that includes a time/date stamp and signature for
    each transaction
  • CA should be held to the highest commercial
    security standard
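
The audit-trail requirement above (a time/date stamp and a signature on every CA/RA transaction), sketched as an added example that is not part of the original presentation. It uses an HMAC with a constructed demo key as a stand-in for a digital signature, and the record fields, function names and sample transactions are assumptions.

```python
import hashlib
import hmac
import json

# Assumption: a constructed demo key. In the setup the slide describes, the
# signing key would live inside the tamper-resistant module, not in code.
DEMO_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64  # "previous signature" value used by the first record


def _sign(key, body):
    """HMAC-SHA256 over a canonical JSON encoding of the record body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def append_record(log, key, timestamp, actor, action, subject):
    """Append one CA/RA transaction, chained to the previous record's signature."""
    body = {"seq": len(log), "time": timestamp, "actor": actor, "action": action,
            "subject": subject, "prev": log[-1]["sig"] if log else GENESIS}
    log.append({**body, "sig": _sign(key, body)})
    return log[-1]


def verify_log(log, key):
    """Return the index of the first bad record, or None if the trail is intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "sig"}
        if rec.get("seq") != i or rec.get("prev") != prev:
            return i  # a record was removed, reordered or inserted
        if not hmac.compare_digest(_sign(key, body), rec.get("sig", "")):
            return i  # record contents were altered after signing
        prev = rec["sig"]
    return None


def build_sample_log():
    """Constructed sample transactions (names and times are made up)."""
    log = []
    append_record(log, DEMO_KEY, "2000-10-25T09:00:00Z", "ra-operator-1", "approve-request", "cn=Sample User")
    append_record(log, DEMO_KEY, "2000-10-25T09:01:10Z", "ca", "issue-certificate", "cn=Sample User")
    append_record(log, DEMO_KEY, "2000-10-26T14:30:00Z", "ca", "revoke-certificate", "cn=Sample User")
    return log
```

Deleting records from the end of the trail is not caught by the chain alone; that needs the latest signature or record count stored somewhere the log writer cannot modify.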

22
WHAT ARE WE WAITING FOR?
  • LET'S LET MIKEY TRY IT FIRST

23
Meet Mikey!
24
Taking Strategic Actions
  • Advanced Campus Services: CIO/Associate Provost,
    Information Systems Technology, creates a
    strategic unit
  • Discovery of Resources: educating
  • Organizational Structure: enabling interaction
  • Performance Objectives: accomplishing goals

25
Advanced Campus Services: A Response to Ongoing
Issues
  • CSO to LDAP directory conversion in the queue
    for several years
  • Authentication/authorization needs
  • Student email a campus pressure point
  • Audit findings call for account management
  • Data feeds, interfaces between application
    domains becoming increasingly complex

26
Advanced Campus Services: Establishing a Strategic
IT Unit
  • ACS unit created February 2000
  • Charged to plan and develop actions for:
  • University-wide directory services
  • Public-private key infrastructure
  • Universal email solutions
  • Interfaces to one-card, library, other systems
  • broad, coordinating role in the establishment of
    standards, methods and processes

27
Discovery of Resources: Educating
  • Aim is to find best practices
  • Research resources
  • Higher education groups
  • Standards groups
  • Industry analysts
  • Application vendors
  • Trade journals, News, Georgia Code...
  • Internet/Libraries/People!

28
Discovery of Resources (cont.)
  • Internet2 Middleware Initiative
    <http://www.internet2.edu/middleware/>
  • Higher Education Middleware services
  • Identifiers, directories, authentication,
    authorization
  • Overviews, conceptual framework, best practices,
    LDAP recipe
  • Extensive links to other sites
  • The Authoritative Hub for Higher Education

29
Discovery of Resources (cont.)
  • CREN <http://www.cren.net/>
  • mission is to support higher education and
    research organizations with strategic IT
    knowledge services
  • TechTalk series: live audiocasts
  • Interviews with technology experts, real life
    scenarios
  • CREN Certificate Authority initiative

30
Discovery of Resources (cont.)
  • Federal PKI Technical Working Group
    <http://gits-sec.treas.gov/fpkitechwork.htm>
  • Providing leadership in public key and directory
    technology over last decade
  • Establishing models for interoperation
  • Addressing policy issues, cf. ACES
  • GTRI participated in Federal Bridge CA
    demonstration project

31
Discovery of Resources (cont.)
  • Net@Edu PKI for Networked Higher Education
    Working Group <http://www.educause.edu/netatedu/groups/pki/>
  • Sponsoring a series of summit meetings
  • eduPerson LDAP objectclass (with Internet2)
    attributes of a higher education person
  • USG Central Office personnel involved

32
Discovery of Resources (cont.)
  • The Burton Group <http://www.tbg.com/>
  • Network infrastructure strategy consultants
  • GSU subscribes to Network Strategy Service
  • Conducted seminars on directories (9/1999) and
    PKI (3/2000) for USG
  • TBG recommendations endorsed by ACIT
  • FYI: Jamie Lewis, CEO, is GSU grad

33
Discovery of Resources (cont.)
  • The GartnerGroup
    <http://gartner4.gartnerweb.com/public/static/home/home.html>
  • Industry consultant providing research
    highlights and analysis of industry trends
  • USG subscription
  • Decision Drivers service includes PKI model
  • 2,800 factors related to PKI vendor evaluation
  • Tool facilitates collaborative definition of
    criteria

34
Discovery of Resources (cont.)
  • Internet Engineering Task Force (IETF)
    <http://www.ietf.org/>
  • LDAP Specifications (RFCs 2251-2256)
  • Understanding and Deploying LDAP Directory
    Services, by Timothy Howes
  • Author of LDAP while at U. Michigan
  • Developed Netscape's LDAP directory
  • Text introduces directory architecture, addresses
    life-cycle deployment, and provides case studies

35
Discovery of Resources (cont.)
  • Directory Interoperability Forum
    <http://www.directoryforum.org/>
  • Forum established 1999, then merged in July 2000
    with...
  • The Open Group's Directory Program
    <http://www.opengroup.org/directory/>
  • promotes open and interoperable directories
    based on open standards
  • Members: Cisco, HP, IBM, Microsoft, Netscape,
    Novell...
  • Universal Schema Reference
    <http://home.netscape.com/eng/server/directory/schema/>
  • 150 objectclasses, 600 attributes...

36
Discovery of Resources (cont.)
  • SCT SUMMIT Conference for Banner Users
    <http://www.sctcorp.com/>
  • SCT architectural strategy includes LDAP
  • CUMREC Annual Conference <http://www.cumrec.com/>
  • Directory, PKI sessions, networking (people)
  • Senate Bill 465 (Georgia Technology Authority)
    <http://www.state.ga.us/cgi-bin/pub/leg/legdoc?billname1999/SB465docpartfull>
  • Legislation that includes commitment to digital
    signatures technology solutions

37
Discovery of Resources (cont.)
  • Chronicle of Higher Education
    <http://chronicle.com/index.htm>
  • Information Week
    <http://www.informationweek.com/newsflash/default.html>
  • ACM TechNews
    <http://www.acm.org/technews/current/homepage.html>
  • eUniversity news items
  • distance learning, online libraries, sharing
    research facilities, mobile users, ecommerce,
    virtual classrooms...

38
Organizational Structure Enabling Interaction
  • ACS - 2 staff providing broad coordinating role
    to advance the development of a university-wide
    consensus regarding directions and strategies.
  • A goal is to foster interactions and encourage
    communication
  • Use IETF model - working groups convened to
    address specific task

39
Organizational Structure: Steering Group
  • CIO and his IT Directors representing:
  • Networks, educational technology, library
    systems, administrative applications, strategic
    planning
  • Discussion and consensus process sets:
  • Overall scope
  • Task priorities
  • Resource allocation
  • Liaison with University System and others

40
Organizational Structure: Data Stewards for GSU
Person Working Group
  • Functional data stewards representing:
  • Human resources, student systems, affiliates,
    library, alumni, and information technology
  • Reviewing eduPerson objectclass
  • Mapping data sources to LDAP attributes
  • Reconciliation and synchronization processes
  • Recommending policy
  • cf. GSU Enterprise Directory Policy

41
Organizational Structure: LDAP Design Technical
Working Group
  • Senior technical staff: Unix and Novell
  • Schema design technical issues
  • Implementation of the directory
  • Replication and synchronization
  • Interfaces between directories
  • Interoperability of clients
  • Migration of existing directory apps: sendmail
    alias forwarding, dialin authorization, PPP
    access...

42
Organizational Structure: Interactions with
other groups
  • April 2000: GSU, OIIT, GaTech re GartnerGroup
    Decision Drivers for PKI
  • June 2000: common directory proposal becomes
    SURA response to I2 PKILabs RFP (not awarded but
    contacts good)
  • August 2000: common directory proposal
    restated for Vice Chancellor OIIT
  • October 2000: GSU, UGA, GIT, OIIT meet re LDAP
    directory implementation

43
Organizational Structure: Mutual Interest,
Common Goals
  • Internet2 Middleware Initiative's Goal: The
    goal is to assist in the creation of
    interoperable middleware infrastructures among
    the membership of Internet2 and related
    communities.
  • 1. Make it happen...
  • 2. Be an honest broker
  • 3. Integrate across applications...
  • 4. Interoperate between campuses
  • "Let's work together," says Mikey.

44
Performance Objectives: Accomplishing Goals
  • March 2000: ACS establishes broad objectives
    based on:
  • The Burton Group recommendations
  • Internet2 Middleware Initiative
  • Existing GSU application needs
  • Expectation that as work proceeds, refinement of
    objectives will occur based on communication with
    and input of others

45
Performance Objectives (cont.)
  • White Paper, 6/30/2000: summarize issues for
    successful infrastructure deployment
  • Take strategic enterprise approach
  • Use collaboration and communication
  • Leverage existing initiatives in community of
    interest
  • Define PKI evaluation criteria PKI 7/15/2000
  • Ambitious, but GartnerGroup Decision Drivers a
    tool
  • Refined to: First establish directory
    infrastructure

46
Performance Objectives (cont.)
  • Define GSU common directory 8/15/2000
  • Of course this is ambitious, but you need a start
  • Data Stewards WG met biweekly from June 2000
  • 35 core attributes mapped to data sources
  • Reconciliation, prime authority issues being
    worked
  • Identify collaborative opportunities 8/15/2000
  • Common Directory...SURA...USG Common Directory
  • Internet2 BOF? SURA BOF? U. Alabama Birmingham?
  • If you don't ask, you can't get it.

47
Performance Objectives (cont.)
  • Draft policy and procedure for managing GSU
    Person 9/15/2000
  • Purpose and guiding principles of stewardship
  • Version 1.0 policy and procedure for managing
    GSU Person 12/15/2000
  • Finalize via campus review
  • Documentation of identifiers, timing
    synchronization for directory, information for
    administrative account management

48
Performance Objectives (cont.)
  • Identify directory infrastructure and PKI funding
    requirements and sources 12/15/2000
  • Timing for FY 2001 year end and FY 2002
  • Coordination with USG directory strategies
  • Establish account management for administrative
    applications 3/15/2001
  • Each new person has accounts set up in timely
    manner
  • I2-MI Identifiers, Authentication, and
    Directories Best Practices for Higher
    Education <http://middleware.internet2.edu/best-practices.html>

49
Conclusion
  • Advanced Campus Services is key to GSU strategic
    focus for enterprise directories
  • Full time focus on broad coordinating role
    essential to establishing collaboration and
    consensus development of solutions
  • Goal: provide a strategic, competitive advantage
    to the University System community.